package com.vision.shop.web;

import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.fileupload.servlet.ServletFileUpload;

import com.vision.shop.model.ShopException;
import com.vision.shop.model.User;
import com.vision.shop.util.DaoUtil;

public class BaseServlet extends HttpServlet {
	/**
	 * 
	 */
	private static final long serialVersionUID = 1L;
	private Map<String,String> errors=new HashMap<String,String> ();
	protected Map<String,String> getErrors(){
		return errors;
	}
	protected boolean hasErrors(){
		if(errors!=null&&errors.size()>0){
			return true;
		}
		return false;
	}
	protected String handleException(ShopException e,HttpServletRequest req){
		req.setAttribute("errorMsg", e.getMessage());
		return "inc/error.jsp";
	}

	@Override
	protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
		
		try {
			/**
			 * 执行之前封装MultipartWrapper装饰器
			 */
			//放入errors
			errors.clear();
			req.setAttribute("errors", errors);
			if(ServletFileUpload.isMultipartContent(req)){
				req=new MultipartWrapper(req);
			}
			//依赖注入
			DaoUtil.diObj(this);
			String method=req.getParameter("method");
			Method m=this.getClass().getMethod(method, HttpServletRequest.class,HttpServletResponse.class);
			//实现权限的控制
			int flag=CheckAuth(req,m,resp);
			if(flag==1){
				resp.sendRedirect("user.do?method=loginInput");
				return;
			}else if(flag==2){
				req.setAttribute("errorMsg", "你没有权限访问该功能");
				req.getRequestDispatcher("/WEB-INF/inc/error.jsp").forward(req, resp);
				return;
			}
			String path=(String)m.invoke(this, req,resp);
			String rediStr="redirect:";
			if(path.startsWith(rediStr)){
				resp.sendRedirect(req.getContextPath()+path.substring(rediStr.length()));
			}else{
				req.getRequestDispatcher("/WEB-INF/"+path).forward(req, resp);
			}
			
			
		} catch (NoSuchMethodException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (SecurityException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (IllegalAccessException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (IllegalArgumentException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (InvocationTargetException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	}
	/**
	 *返回int类型的值，如果是0表示可以成功访问，1表示跳转登录页面，2表示显示没有权限
	 */
	private int CheckAuth(HttpServletRequest req, Method m,HttpServletResponse resp) {
		User lu=(User)req.getSession().getAttribute("loginUser");
		if(lu!=null&&lu.getType()==1){
			//管理员直接返回
			return 0;
		}
		
		if (!m.isAnnotationPresent(Auth.class)) {
			// 没有Annotation说明该方法必须有超级管理员访问
			if (lu == null) {

				return 1;
			}
			if (lu.getType() != 1) {
				return 2;

			}
		} else {
			Auth a = m.getAnnotation(Auth.class);
			String v = a.value();
			if (v.equals("any")) {
				return 0;
			} else if(v.equals("user")){
				if(lu==null){
				return 1;}
				return 0;
			}
		}
		return 0;
	}
}
